Static Application Security Testing

Jerod Brennen

3:40:42

  • 01 - The importance of static testing.mp4
    00:49
  • 02 - What you should know.mp4
    02:38
  • 01 - Security in the SDLC.mp4
    03:50
  • 02 - Development methodologies.mp4
    05:18
  • 03 - Programming languages.mp4
    03:27
  • 04 - Security frameworks.mp4
    06:25
  • 05 - The OWASP Top 10.mp4
    03:18
  • 06 - Other notable projects.mp4
    05:31
  • 07 - Top 25 software errors.mp4
    02:55
  • 08 - BSIMM.mp4
    06:35
  • 09 - Building your test lab.mp4
    03:58
  • 10 - Preparing your checklist.mp4
    03:27
  • 01 - Internal project plans.mp4
    06:06
  • 02 - Communication planning.mp4
    05:23
  • 03 - Change control policy.mp4
    04:46
  • 04 - Security incident response policy.mp4
    05:05
  • 05 - Logging and monitoring policy.mp4
    05:39
  • 06 - Third-party agreements.mp4
    07:51
  • 07 - OWASP ASVS.mp4
    04:28
  • 01 - Challenges of assessing source code.mp4
    06:02
  • 02 - OWASP Code Review Guide.mp4
    06:40
  • 03 - Static code analysis.mp4
    04:39
  • 04 - Code review models.mp4
    06:40
  • 05 - Application threat modeling STRIDE.mp4
    08:29
  • 06 - Application threat modeling DREAD.mp4
    05:12
  • 07 - Code review metrics.mp4
    05:59
  • 08 - Demo Codacy.mp4
    07:53
  • 09 - Demo SonarQube.mp4
    07:10
  • 01 - The OWASP Top 10.mp4
    03:26
  • 02 - A1 Broken access controls.mp4
    06:17
  • 03 - A2 Cryptographic failures.mp4
    07:29
  • 04 - A3 Injection.mp4
    08:00
  • 05 - A4 Insecure design.mp4
    05:21
  • 06 - A5 Security misconfiguration.mp4
    07:58
  • 07 - A6 Vulnerable and outdated components.mp4
    07:08
  • 08 - A7 Identification and authentication failures.mp4
    07:39
  • 09 - A8 Software and data integrity failures.mp4
    05:49
  • 10 - A9 Security logging and monitoring failures.mp4
    06:55
  • 11 - A10 Server-Side Request Forgery.mp4
    04:58
  • 01 - Static application security testing next steps.mp4
    03:29
  • Description


    Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing—while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on offline testing activities: preparing test plans, policies, and other documentation and conducting offline source code reviews. He also explains how to conduct offline testing for the OWASP Top Ten vulnerabilities. Along the way, you can become familiar with best practices around security in the SDLC. The hands-on sections—with demos of popular tools such as Codacy and SonarQube—prepare you to apply the lessons in the real world.

    Jerod Brennen
    By day, I'm a strategic advisor, virtual CISO, public speaker, & storyteller. By night, I'm a husband, father, writer, filmmaker, martial artist, musician, and gamer. I've earned every gray hair in my beard, having spent my career serving as a cybersecurity leader in public utilities, retail, higher education, consulting, and technology. I love to share what I've learned over the years every chance I get: at local and regional professional meetings, at larger conferences, and online via blogs and podcasts. I've published multiple online information security courses with Pluralsight and LinkedIn Learning, and I teach courses in person, both domestically and internationally. I bring a unique combination of perspective and experience to the table when helping organizations improve their cybersecurity programs, and I'd love to help you make those same improvements, focusing on the business value of an effective, efficient, forward-thinking cybersecurity program. At the end of the day, I just want to help folks get one step closer to doing what they want to do securely. 
    LinkedIn Author -> https://www.linkedin.com/learning/instructors/jerod-brennen
    Pluralsight Author -> https://www.pluralsight.com/authors/jerod-brennen

    Hands-on experience in the following areas:
    - Application Security (Web and Mobile)
    - Business Analysis
    - Cloud Security
    - Compliance Assessment and Management (ISO, PCI, SOX, HIPAA, FISMA, FERPA)
    - Corporate Training
    - Data Governance
    - Identity and Access Management / Identity Governance and Administration
    - Mentorship
    - Penetration Testing (Network, Application, Wireless, Social, Physical)
    - Project Management
    - Risk Assessment and Management (NIST)
    - Security Architecture
    - Security Awareness Training
    - Security Incident Response
    - Security Metrics
    - Security Organization Management
    - Security Policy & Procedure Development
    - Security Systems Administration
    - Strategic Planning, Budgeting, & Program Development
    - Supplier Security Risk Management
    - Technical Documentation
    - Vulnerability Assessment and Management

    Finally, if you connect with me and send me a sales message without including the word "Orwell," I'll know that you didn't take time to get to know me through my profile. No one likes an impersonal cold call. People who put forth the effort to personalize that outreach are more likely to develop an authentic relationship. ;)
    LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.
    • Language: English
    • Training sessions: 40
    • Duration: 3:40:42
    • English subtitles: available
    • Release date: 2023/07/02